INFOSTEALERS are increasingly the primary tool for credential theft, with over 11.1 million devices infected in 2025 and 3.3 billion credentials circulating in illegal markets. These malware programs operate stealthily, often using social engineering to infect devices and can avoid detection by enterprise defenses. The most prevalent infostealers, such as Vidar and Lumma, vary in operation but typically target sensitive data like website passwords, VPN credentials, and personal information.
Stealers are easily available on the dark web, marketed as malware-as-a-service. Once data is stolen, it is packaged and sold, often leading to further cyberattacks such as ransomware. The threat is severe and often goes unnoticed until it's too late.